delegate-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly enables searching/downloading/executing "cloud" community skills (search_scope="all", search_skills source="all" with auto_import and execute_task that auto-evolves/executes cloud skills), meaning user-contributed third-party skill code and metadata are fetched and acted on, which can carry untrusted instructions that influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill delegates arbitrary DevOps and automation tasks to an autonomous agent that can download, edit, and execute local skills (and thus write files, modify services, or run commands that change system state), so it enables actions that could compromise the machine even though it doesn't explicitly request sudo or user creation.